Container Native Build Using Insulatr

Products for continuous integration and continuous delivery have become a commodity. But among them is a growing number isolating build steps in containers. Instead of using a fully integrated product, I have created a tool called insulatr to execute builds in containers without the need for a server component or scheduler.

Container Native Builds

Traditional automation products facilitate the concept of a shell script executed on an arbitrary agent. Instead of focussing on the automation task at hand, engineers need to think about the setup and maintenance of such agents as well. As a result, these agents become a critical part of the infrastructure. A logical step was to containerize build agents - with the Dockerfile to describe how to build an agent template and docker-compose to describe how to deploy agents. As soon as the tools required for the build are containerized, only Docker is required on the agents. This makes the agents very cheap to recreate.

Instead of creating a monolithic container image, tools should be provided only to the build steps where they are required. When analyzing your build, many steps can be safisfied by using official images while only a few require custom images. As a result, each and every build step should be isolated in a fresh container based on the best image for the job.

Why insulatr

When I decided to develop insulatr for container native builds, I had already worked with a dozen different CI/CD products and found all of them to be working nicely. At the same time some of them already included containerized builds. Those are usually based on a textual build definition describing the individual build steps as well as required information like the container image to be used, similar to the following:

image: openjdk:8-jdk-alpine
  - javac

Among those products are GitLab, drone and Concourse CI. But mind, this list is no exhaustive!

I chose to develop insulatr to be a tool without a server component and without a scheduler. This allows build to run independently of the scheduler and allows build to be migrated to another product very easily.


At the time of this writing, insulatr was just published. It includes the following features:

Example: Java

The following definition builds Java code and executed it in separate build steps:

  - inject:
    content: |-
      class HelloWorld {
        public static void main(String[] a) {
          System.out.println("Hello world!");

  - name: build
    image: openjdk:8-jdk
      - javac
  - name: run
    image: openjdk:8-jre
      - java HelloWorld

Example: Docker build

The following definition builds a new Docker image based on the source code of insulatr:

  - name: insulatr
    shallow: true
    directory: go/src/

  - name: dind
    image: docker:dind
    privileged: true
    suppress_log: true

  - inject: Dockerfile
    content: |
      FROM scratch
      COPY /go/src/ /insulatr
      ENTRYPOINT [ "/insulatr" ]


  - name: build
    image: golang:1.11
      - curl | sh
      - cd go/src/
      - glide install
      - make static

  - name: docker
    image: docker:stable
      - DOCKER_HOST=tcp://dind:2375
      - docker build --tag insulatr:latest .
Feedback is always welcome! If you'd like to get in touch with me concerning the contents of this article, please use Twitter.